{"id":"CVE-2024-33438","details":"File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.","modified":"2026-04-10T05:12:38.643709Z","published":"2024-04-29T18:15:08.047Z","references":[{"type":"ADVISORY","url":"https://forums.cubecart.com/topic/59046-cubecart-655-released-minor-security-update/"},{"type":"FIX","url":"https://github.com/cubecart/v6/commit/31a5ec39b0924b2111fbc3aa419bd8c5c3fc1841"},{"type":"PACKAGE","url":"https://github.com/cubecart/v6"},{"type":"PACKAGE","url":"https://github.com/julio-cfa/CVE-2024-33438"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cubecart/v6","events":[{"introduced":"0"},{"fixed":"5ab48e0aa42c9c2309ec259682062c84ee298590"},{"fixed":"31a5ec39b0924b2111fbc3aa419bd8c5c3fc1841"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.5.5"}]}}],"versions":["2.6.7","6.0.0","6.0.0b1","6.0.0b2","6.0.0b3","6.0.0b4","6.0.0b5","6.0.0b6","6.0.0b7","6.0.1","6.0.10","6.0.11","6.0.12","6.0.2","6.0.3","6.0.4","6.0.5","6.0.6","6.0.8","6.0.9","6.1.0","6.1.1","6.1.10","6.1.11pr","6.1.2","6.1.3","6.1.4","6.1.5","6.1.6","6.1.7","6.1.8","6.1.9","6.2.0","6.2.0-b1","6.2.0-rc1","6.2.0-rc2","6.2.1","6.2.2","6.2.3","6.2.4","6.2.5","6.2.6","6.2.8","6.2.9","6.4.0","6.4.0-b1","6.4.0-b2","6.4.1","6.4.10","6.4.2","6.4.3","6.4.4","6.4.5","6.4.6","6.4.7","6.4.8","6.4.9","6.5.0","6.5.1","6.5.2","6.5.3","6.5.4","v2.6.7","v6.0.0","v6.0.0b1","v6.0.0b2","v6.0.0b3","v6.0.0b4","v6.0.0b5","v6.0.0b6","v6.0.0b7","v6.0.1","v6.0.10","v6.0.11","v6.0.12","v6.0.2","v6.0.3","v6.0.4","v6.0.5","v6.0.6","v6.0.8","v6.0.9","v6.1.0","v6.1.1","v6.1.10","v6.1.2","v6.1.3","v6.1.4","v6.1.5","v6.1.6","v6.1.7","v6.1.8","v6.1.9","v6.2.0","v6.2.0-b1","v6.2.0-rc1","v6.2.0-rc2","v6.2.1","v6.2.2","v6.2.3","v6.2.4","v6.2.5","v6.2.6","v6.2.8","v6.2.9","v6.4.0","v6.4.0-b1","v6.4.0-b2","v6.4.1","v6.4.10","v6.4.2","v6.4.3","v6.4.4","v6.4.5","v6.4.6","v6.4.7","v6.4.8","v6.4.9","v6.5.0","v6.5.1","v6.5.2","v6.5.3","v6.5.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33438.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}]}